openstack/puppet-keystone
Code Issues Proposed changes

Ensure [mapped] remote_id_attribute is purged

Browse Source 
... otherwise the option can be left even after websso is disabled.

Change-Id: I53afdc8ba16596c80cd6dcd25a1a531fe45ae03d
This commit is contained in:
Takashi Kajinami
2023-08-15 17:14:12 +09:00
parent 581f52dfc0
commit d1989af67d
2 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/federation/mellon.pp
View File

@@ -66,6 +66,10 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
keystone_config { keystone_config {
'mapped/remote_id_attribute': value => 'MELLON_IDP'; 'mapped/remote_id_attribute': value => 'MELLON_IDP';
} }
} else {
keystone_config {
'mapped/remote_id_attribute': ensure => absent;
}
} }
concat::fragment { 'configure_mellon_keystone': concat::fragment { 'configure_mellon_keystone':

1
spec/classes/keystone_federation_mellon_spec.rb
View File

@@ -48,6 +48,7 @@ describe 'keystone::federation::mellon' do
it 'should have basic params for mellon in Keystone configuration' do it 'should have basic params for mellon in Keystone configuration' do
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2')
is_expected.to contain_keystone_config('mapped/remote_id_attribute').with_ensure('absent')
end end
it { is_expected.to contain_concat__fragment('configure_mellon_keystone').with({ it { is_expected.to contain_concat__fragment('configure_mellon_keystone').with({